Bug 1896625 - Add a new flag to allow to always setup TLS tunnel, r=necko-reviewers,valentin

Differential Revision: https://phabricator.services.mozilla.com/D212251
Kershaw Chang
2024-06-13 15:27:00 +00:00
parent 156f6b8ef0
commit 8b08e917b0
9 changed files with 19 additions and 7 deletions


@@ -465,7 +465,7 @@ nsresult WebrtcTCPSocket::OpenWithHttpProxy() {
if (NS_WARN_IF(NS_FAILED(rv))) { if (NS_WARN_IF(NS_FAILED(rv))) {
return rv; return rv;
} }
rv = httpChannel->SetConnectOnly(); rv = httpChannel->SetConnectOnly(false);
if (NS_WARN_IF(NS_FAILED(rv))) { if (NS_WARN_IF(NS_FAILED(rv))) {
return rv; return rv;
} }


@@ -3768,7 +3768,7 @@ HttpBaseChannel::GetOnlyConnect(bool* aOnlyConnect) {
} }
NS_IMETHODIMP NS_IMETHODIMP
HttpBaseChannel::SetConnectOnly() { HttpBaseChannel::SetConnectOnly(bool aTlsTunnel) {
ENSURE_CALLED_BEFORE_CONNECT(); ENSURE_CALLED_BEFORE_CONNECT();
if (!mUpgradeProtocolCallback) { if (!mUpgradeProtocolCallback) {
@@ -3776,6 +3776,9 @@ HttpBaseChannel::SetConnectOnly() {
} }
mCaps |= NS_HTTP_CONNECT_ONLY; mCaps |= NS_HTTP_CONNECT_ONLY;
if (aTlsTunnel) {
mCaps |= NS_HTTP_TLS_TUNNEL;
}
mProxyResolveFlags = nsIProtocolProxyService::RESOLVE_PREFER_HTTPS_PROXY | mProxyResolveFlags = nsIProtocolProxyService::RESOLVE_PREFER_HTTPS_PROXY |
nsIProtocolProxyService::RESOLVE_ALWAYS_TUNNEL; nsIProtocolProxyService::RESOLVE_ALWAYS_TUNNEL;
return SetLoadFlags(nsIRequest::INHIBIT_CACHING | nsIChannel::LOAD_ANONYMOUS | return SetLoadFlags(nsIRequest::INHIBIT_CACHING | nsIChannel::LOAD_ANONYMOUS |
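Review bot: The new `if (aTlsTunnel)` branch only ever sets NS_HTTP_TLS_TUNNEL, so a channel on which SetConnectOnly(true) was called keeps the bit after a later SetConnectOnly(false) made before connect. If the last call is meant to win, add `else { mCaps &= ~NS_HTTP_TLS_TUNNEL; }`. If the flag is meant to be sticky, say so above the branch, e.g. `// NS_HTTP_TLS_TUNNEL is never cleared once set.` The function body starts in the first hunk of this section and its return statement continues past the end of the second.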


@@ -273,7 +273,7 @@ class HttpBaseChannel : public nsHashPropertyBag,
NS_IMETHOD GetRemoteAddress(nsACString& addr) override; NS_IMETHOD GetRemoteAddress(nsACString& addr) override;
NS_IMETHOD GetRemotePort(int32_t* port) override; NS_IMETHOD GetRemotePort(int32_t* port) override;
NS_IMETHOD GetOnlyConnect(bool* aOnlyConnect) override; NS_IMETHOD GetOnlyConnect(bool* aOnlyConnect) override;
NS_IMETHOD SetConnectOnly() override; NS_IMETHOD SetConnectOnly(bool aTlsTunnel) override;
NS_IMETHOD GetAllowSpdy(bool* aAllowSpdy) override; NS_IMETHOD GetAllowSpdy(bool* aAllowSpdy) override;
NS_IMETHOD SetAllowSpdy(bool aAllowSpdy) override; NS_IMETHOD SetAllowSpdy(bool aAllowSpdy) override;
NS_IMETHOD GetAllowHttp3(bool* aAllowHttp3) override; NS_IMETHOD GetAllowHttp3(bool* aAllowHttp3) override;


@@ -1,3 +1,4 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim:set ts=4 sw=2 sts=2 et cin: */ /* vim:set ts=4 sw=2 sts=2 et cin: */
/* This Source Code Form is subject to the terms of the Mozilla Public /* This Source Code Form is subject to the terms of the Mozilla Public


@@ -186,6 +186,10 @@ extern const nsCString kHttp3Versions[];
// When set, disallow to connect to a HTTP/2 proxy. // When set, disallow to connect to a HTTP/2 proxy.
#define NS_HTTP_DISALLOW_HTTP2_PROXY (1 << 28) #define NS_HTTP_DISALLOW_HTTP2_PROXY (1 << 28)
// When set, setup TLS tunnel even when HTTP proxy is used.
// Need to be used together with NS_HTTP_CONNECT_ONLY
#define NS_HTTP_TLS_TUNNEL (1 << 29)
#define NS_HTTP_TRR_FLAGS_FROM_MODE(x) ((static_cast<uint32_t>(x) & 3) << 19) #define NS_HTTP_TRR_FLAGS_FROM_MODE(x) ((static_cast<uint32_t>(x) & 3) << 19)
#define NS_HTTP_TRR_MODE_FROM_FLAGS(x) \ #define NS_HTTP_TRR_MODE_FROM_FLAGS(x) \


@@ -1069,7 +1069,8 @@ void nsHttpConnection::HandleTunnelResponse(uint16_t responseStatus,
nsresult rv; nsresult rv;
if (isHttps) { if (isHttps) {
bool skipSSL = false; bool skipSSL = false;
if (mConnInfo->UsingHttpsProxy()) { if (mConnInfo->UsingHttpsProxy() ||
mTransactionCaps & NS_HTTP_TLS_TUNNEL) {
LOG(("%p SetupSecondaryTLS %s %d\n", this, mConnInfo->Origin(), LOG(("%p SetupSecondaryTLS %s %d\n", this, mConnInfo->Origin(),
mConnInfo->OriginPort())); mConnInfo->OriginPort()));
SetupSecondaryTLS(); SetupSecondaryTLS();
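Review bot: The condition `mConnInfo->UsingHttpsProxy() || mTransactionCaps & NS_HTTP_TLS_TUNNEL` relies on `&` binding tighter than `||`. It evaluates as intended, but parenthesising the mask test makes that obvious to the next reader: `(mTransactionCaps & NS_HTTP_TLS_TUNNEL)`. The comment added in nsHttp.h says the flag must be used together with NS_HTTP_CONNECT_ONLY, yet this branch tests NS_HTTP_TLS_TUNNEL alone. Because this decides whether SetupSecondaryTLS() runs, either test both bits here or add a comment stating that the setter is the only place the bit is raised. HandleTunnelResponse starts and ends outside the hunk, so a check elsewhere in the function may already cover this.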


@@ -211,8 +211,11 @@ interface nsIHttpChannelInternal : nsISupports
* *
* Proxy resolve flags are set with RESOLVE_PREFER_HTTPS_PROXY and * Proxy resolve flags are set with RESOLVE_PREFER_HTTPS_PROXY and
* RESOLVE_ALWAYS_TUNNEL. * RESOLVE_ALWAYS_TUNNEL.
*
* @param tlsTunnel
* When true, always setup TLS tunnel
*/ */
[must_use] void setConnectOnly(); [must_use] void setConnectOnly(in boolean tlsTunnel);
/** /**
* True iff the channel is CONNECT only. * True iff the channel is CONNECT only.
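Review bot: The new `@param tlsTunnel` text ("When true, always setup TLS tunnel") does not tell a caller which TLS layer is meant or who is responsible for it when the argument is false. Judging from the other hunks on this page, true makes necko run SetupSecondaryTLS() after the CONNECT response even when the proxy is plain HTTP. Something like `When true, necko sets up TLS inside the CONNECT tunnel even if the proxy is reached over plain HTTP; when false, that only happens for HTTPS proxies.` would say so, if that reading is right. It would also help to state that the value cannot be changed after the channel is opened, which the ENSURE_CALLED_BEFORE_CONNECT() guard in the implementation suggests.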


@@ -229,7 +229,7 @@ function makeChan(url) {
var internal = chan.QueryInterface(Ci.nsIHttpChannelInternal); var internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
internal.HTTPUpgrade(ALPN, upgradeListener); internal.HTTPUpgrade(ALPN, upgradeListener);
internal.setConnectOnly(); internal.setConnectOnly(false);
return chan; return chan;
} }


@@ -49,7 +49,7 @@ add_task(async function test_connect_only_https() {
let chan = makeChan(`https://localhost:${server.port()}/test`); let chan = makeChan(`https://localhost:${server.port()}/test`);
var internal = chan.QueryInterface(Ci.nsIHttpChannelInternal); var internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
internal.HTTPUpgrade("webrtc", upgradeListener); internal.HTTPUpgrade("webrtc", upgradeListener);
internal.setConnectOnly(); internal.setConnectOnly(false);
await new Promise(resolve => { await new Promise(resolve => {
chan.asyncOpen(new ChannelListener(resolve, null, CL_ALLOW_UNKNOWN_CL)); chan.asyncOpen(new ChannelListener(resolve, null, CL_ALLOW_UNKNOWN_CL));
}); });
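Review bot: This call site and the makeChan() helper in the other test file both pass `false`, as does WebrtcTCPSocket::OpenWithHttpProxy. As a result, nothing on this page exercises `setConnectOnly(true)` or the new NS_HTTP_TLS_TUNNEL branch in HandleTunnelResponse. A companion task would cover it: open the same kind of channel through a plain-HTTP proxy with `internal.setConnectOnly(true)` and check that the upgrade listener still receives a usable transport. test_connect_only_https continues past the end of the hunk.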